Methods and apparatus providing automatic signature generation and enforcement
First Claim
1. A method of providing computer security on a computer system, the method comprising:
inserting at least one notifying identifier in at least one computer system, the at least one notifying identifier providing execution information associated with the at least one computer system;
receiving execution information from the at least one notifying identifier, the execution information identifying details associated with a traffic flow comprising a plurality of data flows on the at least one computer system;
generating a signature by matching the signature against at least a portion of a data payload associated with at least one attack;
identifying a common sub-string from the plurality of data payloads on the at least one computer system; and
refining the signature based on the common sub-string identified from the plurality of data payloads on the at least one computer system, the refined signature utilized to prevent further damage caused to the at least one computer system by the at least one attack.
Abstract
A system inserts at least one notifying identifier in the computer system. The at least one notifying identifier provides execution information associated with the computer system. The system receives execution information from the at least one notifying identifier; the execution information identifies details associated with a traffic flow on the computer system. The system then generates a signature based on a deterministic link provided by the execution information from the at least one notifying identifier. The signature is utilized to prevent further damage caused to the computer system by at least one attack.
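As an added example, not code from the patent, the following Python models the claimed steps on constructed sample payloads: an initial signature taken from the portion of one attack payload that a hypothetical notifying identifier flagged, refinement of that signature to the longest sub-string common to all reported attack payloads that never appears in known-good traffic, the good/bad probability the dependent claim assigns to each sub-string, and the deny decision of claim 9. The payload lists, `INITIAL` and all function names are assumptions of this example.

```python
# Constructed sample payloads: BAD are flows a hypothetical notifying
# identifier reported as attack-associated, GOOD are ordinary requests.
BAD = [
    b"GET /index.php?page=../../../../etc/passwd HTTP/1.1",
    b"GET /view.php?file=../../../../etc/passwd%00 HTTP/1.1",
    b"POST /upload HTTP/1.1\r\n\r\nname=x;../../../../etc/passwd",
]
GOOD = [
    b"GET /index.php?page=home HTTP/1.1",
    b"GET /static/etc.css HTTP/1.1",
    b"POST /upload HTTP/1.1\r\n\r\nname=report.pdf",
]
# Initial signature: the portion of one attack payload the identifier flagged.
INITIAL = b"/etc/passwd"


def common_substrings(payloads, min_len=4):
    """Sub-strings of at least min_len bytes present in every payload
    ('identifying a common sub-string from the plurality of data payloads')."""
    shortest = min(payloads, key=len)
    found = set()
    for i in range(len(shortest)):
        for j in range(i + min_len, len(shortest) + 1):
            cand = shortest[i:j]
            if all(cand in p for p in payloads):
                found.add(cand)
    return found


def bad_probability(sub, good, bad):
    """Share of payloads containing sub that were attack-associated: the
    good/bad likelihood the dependent claim assigns to each sub-string."""
    hits_bad = sum(sub in p for p in bad)
    hits_good = sum(sub in p for p in good)
    return hits_bad / (hits_bad + hits_good) if hits_bad + hits_good else 0.0


def refine_signature(initial, good, bad):
    """Refine the initial signature to the longest sub-string common to all
    attack payloads that overlaps it and never occurs in good traffic."""
    cands = [c for c in common_substrings(bad) if initial in c or c in initial]
    cands = [c for c in cands if bad_probability(c, good, bad) == 1.0]
    return max(cands, key=len) if cands else initial


def admit(payload, signature):
    """Claim 9: deny a payload when the refined signature matches it."""
    return signature not in payload
```

Sub-strings shared by good and bad traffic alike (such as the HTTP version token) score 0.5 and are discarded, which is what keeps the refined signature from blocking ordinary requests.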
19 Claims
1. The independent method claim, reproduced in full under First Claim above; claims 2 to 9 depend from it.
assigning a probability to each of the sub-strings within the collection of sub-strings; and associating the probability to a likelihood that a data payload associated with each of the sub-strings is one of the group consisting of a good data payload and a bad data payload.
9. The method of claim 1 comprising:
receiving a data payload on the computer system;
comparing the data payload to the refined signature; and
denying the data payload access to the computer system based on the comparison of the data payload to the refined signature.
10. A computerized device comprising:
a memory;
a processor;
a communications interface;
an interconnection mechanism coupling the memory, the processor and the communications interface;
wherein the memory is encoded with a signature generating application that when executed on the processor is capable of providing computer security on the computerized device by performing the operations of:
inserting at least one notifying identifier in at least one computer system, the at least one notifying identifier providing execution information associated with the at least one computer system;
receiving execution information from the at least one notifying identifier, the execution information identifying details associated with a traffic flow comprising a plurality of data flows on the at least one computer system;
generating a signature by matching the signature against at least a portion of a data payload associated with at least one attack;
identifying a common sub-string from the plurality of data payloads on the at least one computer system; and
refining the signature based on the common sub-string identified from the plurality of data payloads on the at least one computer system, the refined signature utilized to prevent further damage caused to the at least one computer system by the at least one attack.
Claims 11 to 14 depend from claim 10.
15. A non-transitory computer readable medium encoded with computer programming logic that when executed on a processor in a computerized device provides computer security, the medium comprising:
instructions for inserting at least one notifying identifier in at least one computer system, the at least one notifying identifier providing execution information associated with the at least one computer system;
instructions for receiving execution information from the at least one notifying identifier, the execution information identifying details associated with a traffic flow comprising a plurality of data flows on the at least one computer system;
instructions for generating a signature by matching the signature against at least a portion of a data payload associated with at least one attack;
instructions for identifying a common sub-string from the plurality of data payloads on the at least one computer system; and
instructions for refining the signature based on the common sub-string identified from the plurality of data payloads on the at least one computer system, the refined signature utilized to prevent further damage caused to the at least one computer system by the at least one attack.
Claims 16 to 19 depend from claim 15.